Model Comprehension and Stakeholder Appropriateness of Security Risk-Oriented Modelling Languages

  • Conference paper

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 175)

Abstract

Modelling and managing security risks from the early stages of information systems development can help to envision security threats, their consequences and potential countermeasures early. However, security modelling languages bring benefit only if they are applied correctly and the stakeholders comprehend the models and agree on their meaning. In this paper we analyse how humans comprehend security risk-oriented/aware modelling (SRM) languages and models. Specifically, by applying the semiotic quality framework, we investigate (i) the concepts of security risk management, and (ii) participant and modeller appropriateness with regard to the SRM languages. Our results indicate the best and worst perceived SRM constructs and highlight a few challenges for improving the SRM languages.



© 2014 Springer-Verlag Berlin Heidelberg


Cite this paper

Matulevičius, R. (2014). Model Comprehension and Stakeholder Appropriateness of Security Risk-Oriented Modelling Languages. In: Bider, I., et al. (eds.) Enterprise, Business-Process and Information Systems Modeling. BPMDS EMMSAD 2014. Lecture Notes in Business Information Processing, vol 175. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43745-2_23

  • DOI: https://doi.org/10.1007/978-3-662-43745-2_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-43744-5

  • Online ISBN: 978-3-662-43745-2

  • eBook Packages: Computer Science (R0)
